The second primary component of Amazon Cognito is identity pools. An identity pool is the means by which users gain access to AWS services: it issues the credentials they need. Through an identity pool, you can generate a unique identity for each user and grant that identity temporary AWS credentials, scoped by the IAM role attached to the pool.
Examining the workflow depicted in Figure 15.2, you will observe that the user initiates the login process (typically through an application on their device) using a web-based IdP. After successful authentication with the web IdP, a GetId request is sent to Amazon Cognito for validation.
Subsequently, the application sends a GetCredentialsForIdentity request, which Cognito validates once again. At this stage, Cognito calls the AWS Security Token Service (STS) and obtains a short-lived token authorized only for the services associated with the application's role. Finally, Cognito returns the acquired token to the application, as illustrated in the following diagram:
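The two-step exchange described above (GetId, then GetCredentialsForIdentity), as an added example that is not part of the original text, driven through a boto3-style cognito-identity client. The pool id, provider name and IdP token are placeholders, and FakeCognitoIdentity is a constructed stand-in returning the response shapes boto3 returns, so the example runs offline.

```python
"""Added example: the identity-pool flow GetId -> GetCredentialsForIdentity.
Pool id, provider name and token are placeholders; FakeCognitoIdentity is a
constructed offline stand-in for a real boto3 cognito-identity client."""
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, Mapping, Optional


def fetch_identity_credentials(client: Any, identity_pool_id: str,
                               logins: Optional[Mapping[str, str]] = None) -> Dict[str, Any]:
    """Return temporary AWS credentials for a user of the given identity pool.

    `logins` maps the IdP name to the token that IdP issued to the user. An empty
    map requests an unauthenticated (guest) identity, which Cognito only grants if
    the pool allows it, using the pool's unauthenticated role.
    """
    login_arg = {"Logins": dict(logins)} if logins else {}
    # Step 1: GetId. Cognito validates the IdP token and returns an IdentityId.
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, **login_arg)["IdentityId"]
    # Step 2: GetCredentialsForIdentity. Cognito validates again, then asks STS for
    # short-lived credentials scoped to the IAM role attached to this pool.
    resp = client.get_credentials_for_identity(IdentityId=identity_id, **login_arg)
    if resp["IdentityId"] != identity_id:
        raise RuntimeError("IdentityId changed between GetId and GetCredentialsForIdentity")
    creds = resp["Credentials"]
    # The token is short-lived; refuse to hand back one that has already expired.
    if creds["Expiration"] <= datetime.now(timezone.utc):
        raise RuntimeError("STS credentials already expired")
    return {"identity_id": identity_id, "access_key_id": creds["AccessKeyId"],
            "secret_access_key": creds["SecretKey"],  # cognito-identity names it SecretKey
            "session_token": creds["SessionToken"], "expiration": creds["Expiration"]}


class FakeCognitoIdentity:
    """Constructed offline stand-in that records calls and mimics boto3 responses."""
    def __init__(self, ttl_seconds: int = 3600):
        self.ttl, self.calls = ttl_seconds, []

    def get_id(self, **kw):
        self.calls.append(("GetId", kw))
        return {"IdentityId": "us-east-1:11111111-2222-3333-4444-555555555555"}

    def get_credentials_for_identity(self, **kw):
        self.calls.append(("GetCredentialsForIdentity", kw))
        return {"IdentityId": kw["IdentityId"], "Credentials": {
            "AccessKeyId": "ASIAEXAMPLE", "SecretKey": "example-secret",
            "SessionToken": "example-token",
            "Expiration": datetime.now(timezone.utc) + timedelta(seconds=self.ttl)}}


if __name__ == "__main__":
    # For a live call, replace the fake with boto3.client("cognito-identity", region_name=...).
    out = fetch_identity_credentials(FakeCognitoIdentity(), "us-east-1:POOL-ID-PLACEHOLDER",
                                     {"accounts.google.com": "<ID_TOKEN_FROM_IDP>"})
    print(out["identity_id"], "expires", out["expiration"].isoformat())
```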